Solved: disabling IPsec VPN on the Cisco FTD

VIrendraMourya6156 · ‎05-12-2020

Hello Team,

I am looking for the steps to disable/deactivate/shutdown the Site-to-site IPsec VPN on the Cisco FTD. I tried with removing the peer IP but the FMC GUI didn't allow me to save the config. I know we can do this in the legacy Cisco ASA CLI but not sure how to do it in the FTD. Please help.

Firewall - Cisco ASA5545-X Threat Defense, 6.2.2.13

Managed by Cisco FMC.

VIrendraMourya6156 · ‎05-13-2020

Thank You

View solution in original post

Rob Ingram · ‎05-12-2020

Hi,
Do you want to temporarily disable 1x VPN tunnel or all VPN tunnels on the FTD?

If it's just the one tunnel, just change the crypto ACL that matches the interesting traffic used to establish the tunnel, to something incorrect - therefore the tunnel cannot be established. You can quickly change that back when you want to use the tunnel again, it's quicker than rebuilding the topology.

HTH

VIrendraMourya6156 · ‎05-12-2020

Thank you RJI,

Yes, i want to disable 1x VPN tunnel temporary. I thought about changing crypto ACL but was looking for other options like removing peer IP or disabling peer etc.

Rob Ingram · ‎05-12-2020

There is no disable VPN Topology button that I am aware of.
So you only option is to delete or modify the topology as suggested.

VIrendraMourya6156 · ‎05-13-2020

Thank You